Yeah screw Cloudflare proxying. I've had to swap DNS providers many times I currently used CF for DNS only. I was so fed up with price changes, my domains getting flagged with ICAAN for no reason, and automated renewals not automatically renewing. Along with other shady whispers which made me move in the past. It's been almost 2 years since using CF as a registrar and it's been 100000000 times better than many of the other popular services I've used.

I'm paranoid that CF would be serving alternate IPs to users, so I run a ping for my domains a few times a day to make sure CF is serving the correct IPs.

My edge servers only route traffic, they do not terminate SSL connections. Only my local machines have a certificates (I use HCP Vault to manage them)